package cn.bon.security.config;


import cn.bon.security.filter.HeaderAddFilter;
import cn.bon.security.filter.JwtAuthFilter;
import cn.bon.security.handler.AccessDeniedHandlerImpl;
import cn.bon.common.utils.JwtUtils;
import lombok.Data;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.annotation.Resource;

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
@Data
public class WebSecurityConfig implements BeanPostProcessor {
    @Resource
    private AccessDeniedHandlerImpl accessDeniedHandler;



    @Bean
    @ConditionalOnBean(JwtUtils.class)
    protected DefaultSecurityFilterChain configure(HttpSecurity http, JwtAuthFilter jwtAuthFilter, HeaderAddFilter headerAddFilter) throws Exception {
        // 关闭csrf
        http
                .csrf()
                .disable();
        http.authorizeHttpRequests(
                (authorizeHttpRequests) ->
                        authorizeHttpRequests
                                // 放行登录接口
                                .requestMatchers("/userSysOp/login","/doc.html","/webjars/**","/v3/api-docs/**","/user/addUser","/test")
                                .permitAll()
                                .anyRequest()
                                .authenticated()
  		 	);
        http.exceptionHandling()
                .accessDeniedHandler(accessDeniedHandler);
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        // Jwt认证过滤器
        http.addFilterAfter(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
        http.addFilterBefore(headerAddFilter, JwtAuthFilter.class);
        return http.build();
    }



    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }


    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

//    @Override
//    public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
//        if (beanName.equals("configure")) {
//            ()
//        }
//        return BeanPostProcessor.super.postProcessBeforeInitialization(bean, beanName);
//    }
}
